How to Protect Trade Secrets in India Without a Dedicated Law

When people think of intellectual property, they immediately think of trademarks, patents, and copyrights — rights that are registered and publicly recorded. But some of a business's most valuable assets are things it deliberately does not disclose: secret formulas, proprietary software algorithms, customer databases, pricing strategies, and manufacturing processes. In India, these are called trade secrets — and protecting them requires a different legal approach entirely.

What Is a Trade Secret?

A trade secret is any confidential business information that provides a competitive advantage. Internationally, the TRIPS Agreement defines it as information that is: (a) secret, (b) has commercial value because it is secret, and (c) has been subject to reasonable steps by the holder to keep it secret. Common examples include:

• Product formulas or recipes — the classic example being the Coca-Cola formula, a trade secret for over 130 years
• Proprietary software source code and algorithms
• Customer lists, pricing structures, and negotiated supplier rates
• Marketing strategies and business plans
• Manufacturing processes and technical drawings

The Legal Gap in India

Unlike the United States (Defend Trade Secrets Act) or the European Union (Trade Secrets Directive), India has no dedicated trade secret statute. This does not mean trade secrets are unprotected — but protection is assembled from multiple sources:

• Indian Contract Act, 1872: The foundation of contractual protection — NDAs and confidentiality agreements are enforceable contracts.
• Common law breach of confidence: Courts apply equitable principles to protect confidential information even without a written contract.
• Information Technology Act, 2000: Section 72 penalises breach of confidentiality and privacy of electronic records.
• Digital Personal Data Protection Act, 2023: Governs personal data as a category of confidential information.
• Copyright Act, 1957: Source code is protected as a literary work — useful supplementary protection for software.

NDAs and Confidentiality Agreements

The most important protection tool is the Non-Disclosure Agreement (NDA). A well-drafted NDA legally binds parties who receive confidential information to keep it secret and use it only for specified purposes. Every NDA should include:

• Clear definition of confidential information: Specify exactly what is and is not covered — vague definitions lead to disputes in court.
• Permitted use: State exactly why information is being shared and restrict its use strictly to that purpose.
• Duration: Specify how long the obligation of confidentiality survives termination of the agreement.
• Exclusions: Information already in the public domain or independently developed by the recipient is typically excluded.
• Return or destruction clause: On termination, all confidential materials must be returned or securely destroyed.
• Remedies clause: Acknowledge that breach causes irreparable harm justifying injunctive relief — critical for emergency injunctions.

Employment and Vendor Clauses

Employees are the most common source of trade secret leakage in India — whether through intentional misappropriation or carelessness. Every employment contract should contain a confidentiality clause covering information accessed during employment, an IP assignment clause ensuring that work created during employment belongs to the employer, and post-employment confidentiality obligations.

Note: Broadly drafted non-compete clauses are generally unenforceable in India under Section 27 of the Indian Contract Act. However, post-employment confidentiality obligations are enforceable — this is an important distinction. Similarly, vendors and contractors who access proprietary information should sign separate vendor confidentiality agreements before any disclosure takes place.

Common Law: Breach of Confidence

Even without a written NDA, Indian courts — particularly the Delhi High Court — have recognised and enforced the equitable doctrine of breach of confidence. To succeed, a plaintiff must establish three elements:

• The information has the necessary quality of confidence (it is not freely available)
• The information was communicated in circumstances importing an obligation of confidence
• There was an unauthorised use or disclosure of the information

If all three elements are established, the court can grant an injunction restraining further disclosure, award damages for loss suffered, and in appropriate cases order an account of profits made by the wrongdoer. This doctrine has been applied in several cases involving former employees using ex-employer data to build competing businesses.

IT Act and DPDP Act Protections

Where confidential information is stored electronically — universal today — additional protections apply. Section 43A of the IT Act imposes liability on companies that fail to implement reasonable security practices protecting sensitive personal data. Section 72 makes it a criminal offence (up to two years imprisonment) for a person to disclose information accessed in exercise of official powers without consent.

The DPDP Act, 2023 adds further obligations where confidential databases contain personal information of customers, employees, or partners. Non-compliance can attract penalties up to ₹250 crore.

Practical Steps for Businesses

Legal agreements are only half the picture. Courts look at whether you actually treated the information as secret. Implement these internal measures:

• Access controls: Restrict access on a strict need-to-know basis and maintain logs of who accessed what and when.
• Confidentiality markings: Clearly label sensitive documents "Confidential" or "Proprietary" — this is important evidence in litigation.
• Secure storage: Use encrypted storage and secure email for transmission of sensitive materials.
• Exit procedures: When employees leave, conduct formal exit processes — return of all company devices, deletion of company data from personal devices, and written reminders of continuing obligations.
• Trade secret register: Maintain a documented list of what your business treats as confidential, when it was created, who has access, and what steps protect it. This register is invaluable evidence in litigation.

Conclusion

The absence of a dedicated trade secret law in India does not leave businesses unprotected — but it does mean that protection is only as strong as the contractual and operational measures you have put in place. A robust NDA, strong employment and vendor agreements, sound internal access controls, and documented confidentiality practices together create a legally defensible shield around your most sensitive business information.

If you have not yet audited your trade secret protection framework, now is the time. Learn about our Trade Secret Protection service → or explore our NDA Drafting service.